[MikeSwim07]

I guess you could say that. Though when I think of hacking I think of someone doing it themselves.

[tomdkat]

Quote:

Originally Posted by win2kpro

Do you not consider running a keylogger, stealing user names, passwords and credit card numbers a "hack"? If you don't consider this kind of activity a "hack" please explain to me your definition of "hack".

Not when it's on their own system. I consider hacking to be circumventing or cracking the security in place on another system which you are not authorized to access.

Peace...

[ssycko]

Quote:

Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.

So what are you suggesting, that we abolish flight school?

[win2kpro]

Quote:

Originally Posted by ssycko

So what are you suggesting, that we abolish flight school?

Hello, I think you missed the point.

The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.

[tomdkat]

Quote:

Originally Posted by win2kpro

The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.

Yep, I agree.

Peace...

[guitar]

so what
should we all be so paranoid
the anarchists cookbook has been around for years
a choice to use such knowledge for good or bad
thats freedom
i choose

[ssycko]

But going with the flight school analogy, it's very necessary to have flight school so that we can train the people to fly. If not, the entire economy would collapse. That 0.0001% of people who attend flight school who use it in a malicious manner is just a risk you'll have to take.

Quote:

Originally Posted by win2kpro

Companies that deal with viruses and other malware should be the ones teaching their employees how to recognize and deal with viruses and other malware, just as the military teaches their personnel how to deal with IEDS.

Military personnel do know how an IED works. Not down to the circuitry, but they have to know how something works to defend against it. Same goes for defending yourself against anything, be it viruses, IEDs, the flu, economic depression, etc. Why are generals always trying to find out exactly what the enemy is going to do to them? So they can prepare effectively.

Without understanding how a virus works, what exactly makes it tick, antivirus programs are just putting up a roadblock, not finding the solution.

[YellerPuma]

Quote:

Originally Posted by win2kpro
The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.

Agreed.

I think the AV companies should teach this stuff to their team, not a university teaching the general public.

Cheers...

[win2kpro]

What I believe a lot of posters in this thread are missing is the point that the course being taught by this professor at this institute of higher learning, involves an illegal activity that is illegal by Federal and many State laws (cyber crime).

http://www.fbi.gov/cyberinvest/cyberhome.htm

We have enough cyber crime today, without some professor teaching his students how, as such to "beat the system".

What's next, is it OK for an institute of higher learning to offer a course in armed robbery? Let's see now, thay could offer a course syllabus of; (1) How to construct the best
disguise (2) How to choose the best target, i.e. bank, convenience store, armored car, etc.
(3) How to plan your getaway route with the least chance of being apprehended, etc.

It is just my humble, stupid opinion that colleges should not be teaching their students how to engage in illegal activity.

[MikeSwim07]

Yes, I agree. Teaching this in the classroom is unacceptable. But you have to admit, if the person who gets this malware writing skills uses it for good, it will benefit them greatly.

[tomdkat]

Quote:

Originally Posted by win2kpro

What I believe a lot of posters in this thread are missing is the point that the course being taught by this professor at this institute of higher learning, involves an illegal activity that is illegal by Federal and many State laws (cyber crime).

http://www.fbi.gov/cyberinvest/cyberhome.htm

Is it really illegal to learn how to write a virus or is it illegal to deploy the virus? Based on this:

Quote:

The FBI's cyber mission is four-fold: first and foremost, to stop those behind the most serious computer intrusions and the spread of malicious code; second, to identify and thwart online sexual predators who use the Internet to meet and exploit children and to produce, possess, or share child pornography; third, to counteract operations that target U.S. intellectual property, endangering our national security and competitiveness; and fourth, to dismantle national and transnational organized criminal enterprises engaging in Internet fraud. Pursuant to the National Strategy to Secure Cyberspace signed by the President, the Department of Justice and the FBI lead the national effort to investigate and prosecute cybercrime.

it sounds to me like the issue is with those who deploy the malicious code. The illegal activity isn't the learning how to do it, it's the actual practice of what is learned. I've got no issue with the point that we really don't know what those who have the knowledge will do with it once they have graduated from the university. Some might engage in illegal activity and if they do, they should be prosecuted to the full extent of the law if they are caught. Some might use that knowledge to help in the fight against malware developers and use the knowledge they've learned to hopefully be more effective at keeping malware at bay. Some might not do anything with that knowledge at all and do nothing with it.

My question to you is: why do you appear to be convinced those who learn what this professor is teaching will use this knowledge for malicious purposes, at some later point, just by virtue of having said knowledge?

Peace...

[JohnWill]

Quote:

Originally Posted by tomdkat

My question to you is: why do you appear to be convinced those who learn what this professor is teaching will use this knowledge for malicious purposes, at some later point, just by virtue of having said knowledge?

Peace...

I guess to turn this question around, why do you think all these people are learning these techniques? Are you really so naive as to think they'll all "do good" with this knowledge?

[MikeSwim07]

OK clearly none of us are not going to change our minds.

[tomdkat]

Quote:

Originally Posted by JohnWill

I guess to turn this question around, why do you think all these people are learning these techniques? Are you really so naive as to think they'll all "do good" with this knowledge?

Two great questions!

Why do you think all these people are learning these techniques?
I think some are interested in learning them so they can be "hackers" themselves, at some later point, or at least they think they can be. Of course, this doesn't mean they will succeed since learning "known" exploits wouldn't really give you respect in a hacker community. I think some are interested in learning them so they can better understand how malware works and how people can have so much success exploiting Windows. They can also learn how anti-virus and anti-spyware apps work since they learn how those kinds of apps can be circumvented. I think some are interested in learning them with the possible hope of "joining the fight" against malware developers to protect Windows users from future malware related problems or issues.

Are you really so naive as to think they'll all "do good" with this knowledge?
Well, if you're actually comprehending what I posted above, which is what I've already posted in this thread, it should be clear that I do not think they will all "do good" with what is learned in the class. People take classes for a variety of reasons and don't always apply the knowledge they learned in the related field. I used to work with a computer programmer who had a degree in Geology. He went through the time, work, and effort to get his Geology degree yet he wasn't working as a Geologist. A guy I went to college with has his BSCS, just like me, yet he works in real estate.

I'm simply acknowledging the fact that we really don't know how the information in the class will be used by those taking the class. To not understand this boggles my mind. The tone of your second question gives me the impression you believe everyone taking that class are "aspiring hackers" and if this is the case, I consider that naive or possibly paranoid.

Assuming for a moment that you're right and all the students are aspiring hackers. Do you seriously believe they will be successful in the hacker community by virtue of taking a class taught in a university? The BSCS degree I earned gave me a great foundation upon which I was able to build up "in the real world". I've learned TONS more information in my field after graduating. In this case, we're talking about "hackers" who are generally regarded as "super programmers" since they are able to develop software that can hijack computers, spread to other computers, and do who knows what else without being detected by the user of the computer and, of even more interest, without being detected by software specifically designed to detect the software the hacker has developed. Talk about a programming challenge. This kind of programming skill isn't something that can or will be learned in a class. The "student", in this case, either has the knack or they don't.

For the record, I don't hold "malicious hackers" on some form of pedestal or anything but I certainly do appreciate the programming challenges they are presented with and often wonder how they figure out solutions to those challenges.

Now, I've got a question for you: given whatever reputation I've developed here through my posting activity, would it surprise you if I took a class like this? Do you think I would use the information maliciously?

Peace...

[new tech guy]

This is something like learning to fire a gun. You could use that knowledge for good or bad. You could use the knowledge as a police officer and only use it in an extreme case to disable an evading criminal, could use it in a gang to help take out rival members, or you could just do it for a sport. Its the same concept here and exactly how Tom put it, you could either use the knowledge for good or bad, the choice is up to the recipient of the knowledge. In my opinion, Saying to abolish this from the school is like saying that everyone who can operate a firearm is an aspiring gangster.